Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A few suspicious processes running, can't open their file location?


  • Please log in to reply
3 replies to this topic

#1 HippoMen313

HippoMen313

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 03 November 2013 - 06:16 PM

     Today I decided to look in my task manager to make sure nothing suspicious was happening.  I found a few processes that I don't exactly feel good about.  They have no description, no properties window (nothing happens when I click "properties" on them), and when I try right-clicking them, then clicking "Open File Location", nothing happens.

 

I run on Windows 7 64-bit, I have a CPU & GPU that are both from AMD (AMD Phenom II x4 970 and AMD Radeon 7xxx).

 The Processes are named:

csrss.exe  (takes up around 2,200 memory)

WinMsgBalloonClient.exe  (takes up around 1,400 memory)

atieclxx.exe  (takes up around 2,600 memory)

 

---> Main reason you came here - is there a way I can check if these are safe or not/are they safe?

I should also add that my boot times have been rather slow recently.


Edited by HippoMen313, 03 November 2013 - 09:15 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:09 AM

Posted 04 November 2013 - 08:41 PM

Windows Task Manager does not provide enough information. These are tools to investigate running processes, programs that run at startup, services and gather additional information to identify them or resolve problems:These tools will provide information about each process, CPU usage, file description and its location. Most of them are stand-alone apps in a zip file so no installation is necessary.

-- System Explorer provides a security check of running processing using their online security database when you first launch the program. Just press the Security Scan tab at the top, then click Start Security Check. After the check you can click the link to See the results of the security check >>. Keep in mind, that the check is not a guarantee of what is or is not detected as malware.

-- Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

Anytime you come across a suspicious file or one that you do not recognize, search the name using one of the following databases which hosts a collection of lists that provide information on the components of legitimate and malicious programs.Another option is to search the name using Google <- click here for an example.
-- CAUTION: When searching for malware removal assistance on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. In some cases if the fix is a free download, users may be enticed to download a malicious file or be redirected to a malicious web site.


If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 HippoMen313

HippoMen313
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 05 November 2013 - 07:57 PM

Thank you for your reply!  I downloaded and used a few of these and found out that it's nothing bad.  I learned a lot from your post, thank you!



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:09 AM

Posted 05 November 2013 - 08:05 PM

You're welcome and always glad to hear someone has learned something new.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users